package com.rent.auth.interceptor;


import com.security.config.IgnoreUrlsConfig;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

import java.util.Arrays;

/**
 * @Author zhang
 * @create 2022/9/14 16:39
 */
@Slf4j
@Configuration
// 开启 资源服务器(标识他是一个oauth2中的资源服务器)
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)//激活方法上的PreAuthorize注解
public class OauthResourceSecurityFilter extends ResourceServerConfigurerAdapter {


    @Autowired
    private IgnoreUrlsConfig ignoreUrlsConfig;


    @Override
    public void configure(HttpSecurity http) throws Exception {
        int l = ignoreUrlsConfig.getUrls().size();
        String[] urls = ignoreUrlsConfig.getUrls().toArray(new String[l]);
        log.info("资源标识忽略拦截:{}", Arrays.toString(urls));
        http
                .csrf().disable() //禁用session
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .httpBasic().disable()// 禁用basic明文验证
                .formLogin().disable()//禁用登录页
                .logout().disable()// 禁用登出页
                .authorizeRequests()
                //下边的路径放行
                .antMatchers(urls). //配置地址放行
                permitAll()
                .anyRequest()
                .authenticated();    //其他地址需要认证授权
    }

}
